"""Module implementing Krack Attack on client, as a custom WPA Access Point

More details on the attack can be found on https://www.krackattacks.com/

Example of use (from the scapy shell):
>>> load_module("krack")
>>> KrackAP(
    iface="mon0",               # A monitor interface
    ap_mac='11:22:33:44:55:66', # MAC (BSSID) to use
    ssid="TEST_KRACK",          # SSID
    passphrase="testtest",      # Associated passphrase
).run()

Then, on the target device, connect to "TEST_KRACK" using "testtest" as the
passphrase.
The output logs will indicate if one of the vulnerabilities has been triggered.

Outputs for vulnerable devices:
- IV re-use!! Client seems to be vulnerable to handshake 3/4 replay
  (CVE-2017-13077)
- Broadcast packet accepted twice!! (CVE-2017-13080)
- Client has installed an all zero encryption key (TK)!!

For patched devices:
- Client is likely not vulnerable to CVE-2017-13080
"""

from scapy.modules.krack.automaton import KrackAP